Cisco Systems OL-6217-01 manual: Implementing the Cisco SWAN Framework

Cisco Structured Wireless-Aware Network (SWAN) Implementation Guide

Implementing the Cisco SWAN Framework

Cisco Wireless LAN Solution Engine (CiscoWorks WLSE)

The CiscoWorks WLSE is a management tool that provides comprehensive WLAN device management, including access point configuration, fault management, and extensive reporting. The CiscoWorks WLSE also applies intelligence to radio management data gathered from the network. The intelligent processing of data allows for advanced RF management tools that control power and channel settings on access points, detect interference, and detect, locate, and mitigate against WLAN intrusion sources.

WLAN Client Devices

Fast secure roaming using CCKM requires client device support for encryption key management. Cisco Aironet client adapters and non-Cisco client adapters compliant with the Cisco Compatible Extensions version 2 requirements support CCKM with Cisco LEAP authentication. Cisco Aironet client adapters and non-Cisco client adapters compliant with Cisco Compatible Extensions version 3 requirements can use CCKM with EAP-FAST authentication. Other EAP types such as EAP-TLS and PEAP may be used with CCKM with some third-party supplicants.

WLAN clients can also be used to gather radio management data with a radio measurement technique called the client walkabout, and during normal operations with a measurement technique called radio monitoring. Cisco client adapters and client adapters compliant with the Cisco Compatible Extensions version 2 requirements are used to gather radio measurement data.

Implementing the Cisco SWAN Framework

The phases of constructing the Cisco SWAN framework are:

1. WDS activation

2. Infrastructure access point authentication and registration

3. CiscoWorks WLSE authentication and registration

4. CiscoWorks WLSE device discovery and management

During the WDS activation phase, the WDS service becomes active on its host device. In the access point-based WDS solution, the WDS advertises itself via WLCCP broadcast messages on the access point management subnet.

In the infrastructure authentication and registration phase, infrastructure access points present 802.1x credentials for authentication to the WDS. After authentication, WLCCP registration requests are issued to the WDS. Cisco LEAP is currently the only supported authentication mechanism for infrastructure access point authentication; 802.1x or EAP types are supported for WLAN client authentication. In the access point-based WDS solution, infrastructure access points discover the WDS through the WLCCP broadcast messages that the WDS sends. In the WLSM-based WDS solution, infrastructure access points must be configured with the IP address of the WLSM.

After the infrastructure access points are registered with the WDS, a WLCCP communication link is established between the WDS and the CiscoWorks WLSE. The CiscoWorks WLSE IP address is configured on the WDS-hosting device. The WDS device attempts to contact the CiscoWorks WLSE with WLCCP messages; this is how the CiscoWorks WLSE "discovers" the WDS device. After the WLAN administrator manages the WDS device within the CiscoWorks WLSE, the CiscoWorks WLSE presents credentials for authentication to the WDS. After the authentication is completed, the WDS and WLSE negotiate encryption keys to secure future WLCCP transactions.
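The phases above each depend on a piece of device configuration, so a missing line shows up as a phase that never completes. The following is an added example, not part of the Cisco guide: a small audit that checks constructed configuration text for those prerequisites. The sample configurations, hostnames and addresses are placeholders, and the exact `wlccp ap username ... password ...` syntax is an assumption about the access point CLI.

```python
import ipaddress
import re

# Constructed sample configurations; hostnames, users and addresses are placeholders.
WDS_CFG = """hostname wds-ap
wlccp wds priority 200 interface BVI1
wlccp wnm ip address 192.0.2.10
"""
INFRA_CFG = """hostname infra-ap1
wlccp ap username infra-ap1 password 7 0000
"""

def _find(pattern, cfg):
    """Return the first regex match against any config line, or None."""
    for line in cfg.splitlines():
        m = re.match(pattern, line.strip())
        if m:
            return m
    return None

def _valid_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit(wds_cfg, infra_cfg, wlsm_based=False):
    """List the SWAN bring-up phases whose prerequisites are missing."""
    findings = []
    # Phase 1 (access point-based WDS only; WLSM activation is not checked here).
    if not wlsm_based and not _find(r"wlccp wds priority \d+", wds_cfg):
        findings.append("phase 1: no 'wlccp wds priority' on WDS host")
    # Phase 2: infrastructure APs need credentials to authenticate to the WDS.
    if not _find(r"wlccp ap username \S+ password ", infra_cfg):
        findings.append("phase 2: infrastructure AP has no WLCCP credentials")
    # A WLSM-based WDS is not discovered by broadcast, so the AP needs its address.
    if wlsm_based:
        m = _find(r"wlccp ap wds ip address (\S+)", infra_cfg)
        if not m or not _valid_ip(m.group(1)):
            findings.append("phase 2: WLSM IP address not configured on AP")
    # Phase 3: the WDS host must know the CiscoWorks WLSE address.
    m = _find(r"wlccp wnm ip address (\S+)", wds_cfg)
    if not m or not _valid_ip(m.group(1)):
        findings.append("phase 3: no valid WLSE address on WDS host")
    return findings

if __name__ == "__main__":
    for finding in audit(WDS_CFG, INFRA_CFG) or ["all phase prerequisites present"]:
        print(finding)
```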
